Sony’s PlayStation Network (PSN) online gaming network has been compromised in what Sony is calling an “illegal and unauthorized intrusion”. Some 77 million users subscribe to this service and it sounds like they’ve all had their information stolen.
Information about PSN subscribers that Sony has confirmed to have been compromised includes:
- Email address
- PSN password and login name
What Sony has not released yet (and this is the big one) is whether credit card numbers and expiration dates have been compromised as well. The PSN network allows users to associate a credit card with their account in order to easily buy content directly from Sony and 3rd parties through the PSN network, and most users will opt to have the card information saved in order to more easily purchase things.
At this point it’s anyones guess if this data was stolen as well. If Sony followed the Payment Card Industry (PCI) guidelines to the letter and properly protected the cardholder data associated with these accounts then they may be OK.
Based on the large security failings that let this attack happen successfully in the first place, I’d say this is unlikely.
See Sony’s official blog post announcing the breach: